Re: private to public decrypt now working



The right solution here would simply be to issue each VP a key pair as well
(probably with an X509 cert) and have the president encrypt messages for
them using their public keys.

This is all handled very easily with X509 certs and technologies like SMIME
for encrypted/signed email. You can do similar encryption/decryption to
SMIME in your own applications using .NET EnvelopedCms and SignedCms classes
(which is the .NET implementation of the underlying technology used by
SMIME).

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Bob Bins" <deveng@xxxxxxxxx> wrote in message
news:O1SBHOVmHHA.1216@xxxxxxxxxxxxxxxxxxxxxxx
I was going to use the public/private key thing a little different than
normal. The public key would be semi-private and the private would be
extremely private. An example would be where say a president of a company
would have the private key, all vice presidents would have a public key.
All vice's could encrypt and only president could decrypt. Then if the
president wanted something only his vice presidents should see he would
encrypt with the private and only they could decrypt. But I guess this
type of encryption does not exist.

I heard somewhere before that both private and public can encrypt, which is
wrong. I will have to find another solution.

Thanks for the detailed explanation.

"Valery Pryamikov" <valery.pryamikov@xxxxxxxxxx> wrote in message
news:1179466414.816985.79290@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On May 17, 6:37 pm, "Bob Bins" <dev...@xxxxxxxxx> wrote:
I am using the below sample for public private key encryption. And my
problem is I can encrypt with the public key and decrypt with the
private key but I can't encrypt with the private and decrypt with the
public. I always get a BadKey error when I pass in the public key to
decrypt.

Copy the below code in to a form and you will see. If you switch it to
use the public key to encrypt and private to decrypt it works. I
thought it was supposed to work both ways?

Hi,
Signature and Encryption are two different prototypes with different
security requirements that among other require different padding
modes. Use of the phrase "decrypt with public key" was the biggest abuse of
terminology in history of cryptography that was widespread by Bruce
Schneier's book "Applied Cryptography". The phrase itself was
supposed to be used to describe signature schemes with message
recovery (such as RSA). This phrase was also used to adjust asymmetric
encryption and signature to old protocol verification models such as
BAN. However, by itself this is just a misnomer - public key is
known to everybody and decrypt operation has meaning of providing
privacy to the content - which is impossible if decryption key is
known to everyone.
Even so raw RSA allows interchange of public and private key, but in
reality they can't be interchanged. Private key decryption is
implemented with using CRT (Chinese remainder theorem) to provide 4x
better performance of private key operation. For that - you need not
only exponent, but also factorization of modulus and multiplicative
inverses of some product of these factors. Public key has only modulus
and exponent and can't be used with such calculation.
Small private key is also subject to various attacks. For example
Wiener's attack allows to calculate private key in case if private key
exponent is 1/3 of public key exponent by using the method of continued
fractions (a bit similar to rational numbers reconstruction method).
You will do yourself a favor if you stop thinking about signature
verification as "decryption with public key" and start using proper
terminology and proper operations! I.e. You encrypt with public key
and you decrypt with private key; you generate signature with private
key and you validate signature with public key. That's it

-Valery
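
The design suggested at the top of this thread (a key pair per vice president, SignedCms for origin, EnvelopedCms for confidentiality), sketched as an added example that is not code from any poster in the thread. It assumes .NET Core 3.0 or later with the System.Security.Cryptography.Pkcs package; the certificate names, the message text and the throwaway self-signed certificates are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;
static class PresidentToVps
{
    // Constructed throwaway self-signed certificate; a real deployment issues these from a CA.
    static X509Certificate2 MakeCert(string name)
    {
        RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + name, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
    }
    static void Main()
    {
        X509Certificate2 president = MakeCert("President");
        X509Certificate2[] vps = { MakeCert("VP-1"), MakeCert("VP-2") };
        // President: sign with his own private key so the VPs can check the origin.
        var signed = new SignedCms(new ContentInfo(Encoding.UTF8.GetBytes("For vice presidents only")));
        signed.ComputeSignature(new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, president)
            { IncludeOption = X509IncludeOption.EndCertOnly });

        // President: encrypt the signed blob once; the content key is wrapped per VP public key.
        var recipients = new CmsRecipientCollection();
        foreach (X509Certificate2 vp in vps)
            recipients.Add(new CmsRecipient(new X509Certificate2(vp.RawData))); // public part only
        var envelope = new EnvelopedCms(new ContentInfo(signed.Encode()));
        envelope.Encrypt(recipients);
        byte[] wire = envelope.Encode();

        // VP-2: find its own recipient entry and decrypt with its own private key.
        var incoming = new EnvelopedCms();
        incoming.Decode(wire);
        RecipientInfo mine = incoming.RecipientInfos.Cast<RecipientInfo>().First(r =>
            r.RecipientIdentifier.Value is X509IssuerSerial id &&
            string.Equals(id.SerialNumber, vps[1].SerialNumber, StringComparison.OrdinalIgnoreCase));
        incoming.Decrypt(mine, vps[1].GetRSAPrivateKey());

        // VP-2: verify the signature, then confirm the signer is the president's certificate.
        var received = new SignedCms();
        received.Decode(incoming.ContentInfo.Content);
        received.CheckSignature(true); // throws if invalid; true skips chain checks for the throwaway cert
        if (received.SignerInfos[0].Certificate.Thumbprint != president.Thumbprint)
            throw new CryptographicException("Signed by someone other than the president");
        Console.WriteLine(Encoding.UTF8.GetString(received.ContentInfo.Content));
    }
}
```

With CA-issued certificates, call `CheckSignature(false)` so the signer's chain is validated as well, and compare the signer against a president certificate obtained out of band.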
